Question on Local Users Group on Windows 2003 Standalone & System3
- From: Mark <Mark@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 27 Mar 2009 03:03:06 -0700
We have a Windows 2003 server that will be placed in DMZ as a standalone
server with IIS for webpage. One of the vulnerabilities identified is the
permission settings on the IISADMPWD. It's recommended that if the directory
cannot be removed, then modify the permissions so that only the
Administrators & System have access to this folder. I noticed the Power Users
& Users group had access to this folder but were inherited from the
\system32\ folder. I removed the Power Users group from \system32\ as their
are no local user accounts in that group. However,when I look at the Users
group, I see the ASPNet, NT Authority\Authenticated Users, NT
Authority\Interactive accounts in their. If I remove the Users group from the
NTFS permissions on the \system32\ will that break access for some of these
accounts? The only users that will log on locally to this box are
administrators. There is no printing or file & print sharing.
I know I can just go to the IISADMPWD folder and deny access to the users.
But wanted to know if anything would break by removing the group from the
\system32\.
Thanks in advance for any help given.
.
- Follow-Ups:
- Re: Question on Local Users Group on Windows 2003 Standalone & System3
- From: Kerry Brown
- Re: Question on Local Users Group on Windows 2003 Standalone & System3
- From: Shenan Stanley
- Re: Question on Local Users Group on Windows 2003 Standalone & System3
- Prev by Date: Re: Degree
- Next by Date: Re: Question on Local Users Group on Windows 2003 Standalone & System3
- Previous by thread: Degree
- Next by thread: Re: Question on Local Users Group on Windows 2003 Standalone & System3
- Index(es):
Relevant Pages
|
